Category: Perspectives

SEC Proposes Two New Cybersecurity Regulations

Posted on by Kelly McElroy

What You Need to Know

 

Summary of New Proposed Rule 10

 

Proposed Rule 10 would require all Market Entities (everyone but small broker-dealers) – referred to in the Rule as Covered Entities – to adopt written policies and procedures to address cybersecurity risks.  These written policies and procedures must include the following:

  • Periodic assessments of cybersecurity risks associated with the Covered Entity’s information systems and written documentation of the risk assessments;
  • Controls designed to minimize user-related risks and prevent unauthorized access to the Covered Entity’s information systems;
  • Measures designed to monitor the Covered Entity’s information systems and protect the Covered Entity’s information from unauthorized access or use, and oversee service providers that receive, maintain, or process information or are otherwise permitted to access the Covered Entity’s information systems;
  • Measures to detect, mitigate, and remediate any cybersecurity threats and vulnerabilities with respect to the Covered Entity’s information systems; and
  • Measures to detect, respond to, and recover from a cybersecurity incident and procedures to create written documentation of any cybersecurity incident and the response to and recovery from the incident.[1]

Proposed Rule 10 would also require immediate written electronic notice of a significant cybersecurity incident to the SEC and the filing of a new form SCIR.  The SCIR form would gather information about the significant cybersecurity incident and the Covered Entity’s efforts to respond to and recover from the incident.

Finally, the proposal would require Covered Entities to publicly disclose summary descriptions of their cybersecurity risks and the significant cybersecurity incidents they experienced during the current or previous calendar year on Part II of proposed Form SCIR. A Covered Entity would need to file the form with the SEC and post it on its website. Covered Entities that are carrying or introducing broker-dealers would also need to provide the form to customers at account opening, when information on the form is updated, and annually.

Summary of Proposed Amendments to Regulation S-P

The second proposed rule would amend Regulation S-P covering almost all Market Entities to create additional protections for customer information and create a federal minimum standard for data breach regulations.  The proposed amendments would require covered institutions to adopt an incident response program as part of their written policies and procedures under the safeguards rule. The proposal would require an incident response program to be reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information, include procedures to assess the nature and scope of any such incident, and contain and control such incidents. The proposal would also apply certain requirements related to incident response to covered institutions’ relationships with third-party service providers.

The proposed amendments would require covered institutions to notify affected individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The proposal would require a covered institution to provide the notice as soon as practicable, but not later than 30 days after a covered institution becomes aware that unauthorized access to or use of customer information has occurred or is reasonably likely to have occurred. A covered institution would not need to provide the notification if the covered institution determines that the sensitive customer information was not actually and is not reasonably likely to be used in a manner that would result in substantial harm or inconvenience.

Additionally, the proposed amendments would enhance customer notification by:

  • Expanding the safeguards and disposal rules to cover “customer information,” a new defined term referring to a record containing “nonpublic personal information,” a term already in use for other components of Regulation S-P, about a customer of a financial institution. The proposed amendments would therefore apply both rules to both nonpublic personal information that a covered institution collects about its own customers and nonpublic personal information it receives from a third-party financial institution about customers of that financial institution;
  • Requiring covered institutions to make and maintain written records documenting compliance with the requirements of the safeguards rule and disposal rule;
  • Conforming Regulation S-P’s annual privacy notice delivery provisions to the terms of an exception added by the 2015 Fixing America’s Surface Transportation Act, which would provide that covered institutions are not required to deliver an annual privacy notice if certain conditions are satisfied; and
  • Extending the safeguards rule to transfer agents registered with the Commission or another appropriate regulatory agency. In addition, the proposed amendments would extend the disposal rule from covering only transfer agents registered with the Commission to also transfer agents registered with another appropriate regulatory agency.

What You Need to Know Right Now

 

First – the proposed cybersecurity regulations are not yet final.  Market Entities have the opportunity to comment on the proposals.  This is a chance for Market Entities to influence the future of cybersecurity in the industry.  Some of the concerns raised by the SEC include conflict with state data breach laws.  Mark T. Uyeda, an SEC Commissioner, noted:

 

“lack of an integrated regulatory structure may even weaken cybersecurity protection by diverting attention to satisfy multiple overlapping regulatory regimes rather than focusing on the real threat of cyber intrusions and other malfeasance.”

 

These are just a few of the many topics that the SEC has opened for comments.  Numerous other issues exist.  The attorneys at Pastore LLC are highly skilled in both the financial sector and cybersecurity.  Pastore LLC can help you draft and file comments before the proposals become final.  Comments are due 60 days after the proposed rules appear in the Federal Register, which is expected to occur in the next 4 weeks.

 

Second – it is inevitable that some form of cybersecurity enhancement rules will be enacted in the near future.  Now is the time to start planning compliance.  The attorneys at Pastore LLC can assist you in formatting written policies and procedures.  Pastore LLC attorneys are creative and understand the overall data privacy, data breach and cybersecurity landscape.  Pastore LLC attorneys can work with internal compliance and legal departments to develop the best plan for a Market Entity’s needs.

 

Don’t wait!  Change is coming and Market Entities need to plan for the future regulations now.  Pastore LLC can help.

[1] Fact Sheet – Addressing Cybersecurity Risk to the U.S. Securities Markets.

SEC Examination Priorities 2023 Review

Posted on by Kelly McElroy

The SEC’s Division of Examinations (“EXAMS”) has published its priorities for 2023. EXAMS is responsible for overseeing registered investment advisers, exempt reporting advisers, broker-dealers and other SEC-regulated entities. Understanding the publication will help examined practitioners prepare themselves for the future and avoid unexpected noncompliance.

EXAMS articulated the priorities to promote their four primary goals: (1) promote compliance; (2) prevent fraud; (3) monitor risk and (4) inform policy. Each area of focus should support these “four pillars.”

  1. Recently Adopted Rules

Marketing Rule (Advisers Act Rule 206(4)-1)

Registered investment advisers (“RIAs”) must adopt and implement written policies and procedures that prevent violations. They must also be able to demonstrate that they had a reasonable basis for believing the material facts they put forth.

Derivatives Rule (Investment Company Act Rule 15f-4)

Funds must adopt and implement policies and procedures to manage their derivatives risks and prevent violations. This should include a risk management program, board oversight and complete and accurate disclosures.

Fair Valuation Rule (Investment Company Act Fair Valuation Rule 2a-5)

Funds must properly oversee the determinations of fair value and comply with policies and procedures of reporting and recordkeeping. EXAMS will also specifically look for adjustments to valuation methodologies.

  1. Private Funds

RIAs to private funds should be aware of (1) conflicts of interest; (2) calculations and allocation of fees and expenses; (3) the Marketing Rule; (4) use of alternative data (Advisers Act Section 204A); and (5) the Custody Rule (Advisers Act Rule 206(4)-2).

EXAMS notes that private funds exhibiting any of these specific risk characteristics will receive heightened scrutiny:

  • Highly-leveraged
  • Managed side-by-side with BDCs
  • Use of affiliated companies and advisery personnel to provide services to clients
  • Holding certain hard-to-value investments, such as crypto and real estate
  • Invested in or sponsor Special Purpose Acquisition Companies (SPACs)
  • Involvement in adviser-led restructurings
  1. Standards of Conduct

Broker-dealers and RIAs servicing retail investors must prioritize the investor’s best interest ahead of the firm’s or professional’s interests. Carefully manage, and fully disclose, conflicts of interest. Special attention is paid to more complex investment products and advice or recommendations given to certain vulnerable investors. EXAMS notes they will be looking for inappropriate attempts to waive or limit standards of conduct, such as hedge clauses. Lastly, ensure compliance with Form CRS (Client or Customer Relationship Summary).

  1. Environment, Social and Governance (ESG) Investments

Investments and strategies bearing the Environment, Social and Governance (ESG) label will be scrutinized to ensure they operate as set forth in disclosures. Any recommendations of such products for retail investors must be in the investor’s best interest.

  1. Informational Security and Operational Resiliency

Broker-dealers and RIAs must plan and act to safeguard against cyberattacks and other disruptions. EXAMS specifically notes the cybersecurity vulnerabilities associated with third-party vendors. They also note the need to consider climate-related risks.

  1. Crypto Assets and Emerging Financial Technology

New or never before examined registrants interacting with crypto-related assets should prepare for examination. EXAMS will specifically look for adequate standards of care and routine review, update and enhancement of compliance, disclosure and risk management practices. Firms employing digital engagement practices will also receive more scrutiny.

  1. Investment Advisers and Investment Companies

EXAMS will examine RIAs’ operations and compliance practices. Accuracy of regulatory filings is key and EXAMS expects consideration of current market factors in the related valuations. EXAMS will pay special attention to RIAs’ fee calculations and alternative revenue streams.

Exams emphasizes the fiduciary obligations of RIAs to registered investment companies. Funds with these specific characteristics will receive heightened scrutiny:

  • Turnkey funds
  • Mutual funds that converted to ETFs
  • Non-transparent ETFs
  • Loan-focused funds
  • Medium and small fund complexes that have experienced excessive staff attrition
  • Volatility-linked ETFs
  • Single-stock ETFs
  • New, unexamined or not recently examined investment companies
  1. Broker Dealers

EXAMS will focus on broker-dealers’ compliance and supervisory programs, including those for electronic communications and recording those communications. EXAMS note special interest in issues specific to equities, fixed income securities, over-the-counter securities and microcap securities.

  1. Clearing Agencies

Registered clearing agencies should emphasize procedures for risk management including maintaining sufficient financial resources, protecting against credit risks, managing member defaults and managing operational and other risks.

  1. Regulation SCI

EXAMS will focus on the security and reliability of certain technological trading platforms.

  1. Anti-Money Laundering

Firms must establish appropriate customer identification programs and satisfy their SAR filing obligations. EXAMS will examine for full compliance with the Bank Secrecy Act.

  1. Discontinuation of LIBOR

EXAMS notes the potential disruption that discontinuation of the London Interbank Offered Rate happening in mid-2023 may cause. EXAMS will assess whether broker-dealers and RIAs are prepared for the transition.

3 Ways Crypto Prepares for Looming Regulation

Posted on by Kelly McElroy

Uncle Sam is taking “internet money” seriously.

As a result, elected officials are spending more time talking about crypto.

Do you know what that means? Regulation will follow the buzz.

In an interview with Yahoo!, U.S. Rep. Jim Himes (D-Conn.) characterized the current crypto climate as a showdown with Securities Exchange Commission Chairman Gary Gensler: “We’re sort of in a vapor lock around this issue of the registration of entities, exchanges, etcetera with Gary Gensler at the SEC saying, ‘I don’t need more statute. I’ve got all the law I need. What I need is for people to comply.’ And, of course, many people are saying, ‘Well, we don’t agree with that, and we are not going to comply’. So that suggests we are going to need to figure out whether additional statute is necessary, and Gary Gensler is wrong or whether Gary Gensler just needs to do a lot more enforcement to get people to see his point of view, that they should be registering under existing law.”

To make things more interesting, former SEC Chair Jay Clayton disagrees with Gensler’s stance, asking the agency to provide guidance on the custody of tokenized assets. In an op-ed piece, Clayton said the SEC should take the next step and present guidelines for crypto assets.

In the meantime, Gensler has embraced regulation through enforcement. He firmly believes the existing security laws on the books are fine for crypto.

So, what’s the play?

Here are three moves that will help small/midsize crypto companies prepare for looming regulation:

Register With The SEC

There remains a cavalier mindset about crypto. And that needs to change.

Crypto is not like going outside and throwing the frisbee, even though there is social media chatter about “going to the moon.” It is not fun and games; Crypto is an actual financial asset that has value. The notion that crypto is a novel, foreign idea wrapped in technology needs to give way to reality.

To protect your company, now is the time to register with the SEC. Long-awaited regulation for cryptocurrency is on the horizon. It is better to prepare now to fit into the current scheme than sit on the sidelines.

Do not wait for the government’s final verdict. Err on the side of caution. It is better to fill out more paperwork and “over-comply” than wait one year later to have the Securities Exchange Commission come knocking. When the agency files a complaint against your company, your reputation could take a hit—along with a hefty legal bill.

Eliminate ‘Dirty’ Money

Part of crypto’s allure is its anonymity, which could make it a prime vehicle for fraudulent activity that includes funding for terrorism. The government will soon introduce regulations that strongly encourage crypto companies to have anti-money laundering programs in place.

No matter how small your company is, you will need to have a designated compliance officer on the payroll. This person can perform other duties, but they must have the title. They also must maintain written policies and procedures. The anti-money laundering plan should be well thought out and detailed, not a two-page report. Ideally, your compliance officer would have the proper credentials, such as the ALMA designation, and appropriate experience. Each organization involved in a chain of transactions involving “dirty money” is accountable.

Sens. Elizabeth Warren (D-Mass.) and Roger Marshall (R-Kan.) have introduced The Digital Asset Anti-Money Laundering Act of 2022, which extends the Bank Secrecy Act. The objective is to subject crypto companies to the same rules as banks and broker-dealers. The bill would address a gap with digital wallets and prohibit financial institutions from transacting with forms of technology that enhances anonymity. Last summer, the currency-mixer Tornado Cash was sanctioned by the U.S. Department of Treasury, alleging money laundering activity with North Korea.

Add A Layer of Governance

Governance is a big part of compliance.

Board members can play a pivotal role. You will need seasoned professionals in many areas, ranging from marketing to technology. Make sure you have board members with deep experience in finance, compliance and internal controls.

Know Your Customer (“KYC”) is a process that identifies your customers and their activities. From a corporate level, do you have the entity’s EIN, articles of incorporation and financial statements? For individual investors, should you recommend a volatile asset to an investor in her 90s? What’s the rest of the story? What are the procedures to address these situations?

Back in 2019, the Commodities Futures Trading Commission, Financial Crimes Enforcement Network and SEC classified crypto exchanges as money service businesses (MSBs), which means they must follow the Bank Secrecy Act of 1970, as well as the anti-money laundering and KYC rules.

While your staff manages the day-to-day operations, your board members can still be part of the mix. Give them oversight of key committees, such as risk and compliance, to provide another layer of review, which would protect the firm.

(Tyler Rutherford is an associate attorney at Pastore with expertise in regulatory compliance, contract law and corporate law. He represents a wide range of clients, including crypto and blockchain companies.)

M&A Success: 4 Ways Companies Sidestep Regulatory, Emotional Challenges

Posted on by Kelly McElroy

On paper, mergers and acquisitions look thrilling.

Diversification. Expansion. Cost savings and larger margins—in less time with fewer dollars.

The promise of M&A can be intoxicating. But here’s a sobering thought: 70% to 90% of mergers fail, according to the Harvard Business Review.

For enterprise companies, regulatory hurdles can knock down the pending merger. Reuters reports that the U.S. Justice Department and Federal Trade Commission have attempted to stop more than 20 mergers since January 2021.

For small to mid-size firms, lack of preparation and purpose may kill the deal.

In theory, it’s a common belief that integration will decide which acquisitions move forward. But in practice, people are behind the numbers and processes.

Regardless of size, here are four ways to dramatically increase your chances at M&A success:

 

  1. Begin at The End

Clarity is a great place to start.

Why are you pursuing a merger? This answer should serve as the North Star because it will impact everything that follows in the process. While proper planning will be important, anticipation will be mission critical.

To advance the deal, think about the company’s building blocks in terms of resources and processes. Those two elements yield value and profit. Developing a clear understanding of these variables will allow you to promote and defend the deal—or arrive at better terms.

How would the pending merger impact the marketplace? How would the acquisition improve your company’s performance? Asking the tough, specific questions internally about what the end result will look like will help you anticipate opportunities to address. In M&A deals, being strategic means beginning at the end because it will ensure that every step along the way is tied to the desired outcome.

 

  1. Eliminate Emotion

 

Your exit strategy should be mapped out during the prep stage. This scenario represents the bare-minimum that you will accept in a negotiated agreement. Otherwise, you will walk.

This simple tactic removes emotion from the deal. Typically, negotiations that drag on tend to motivate players to hang on to finalize the deal for the wrong reasons, which may not be a logical fit with your original plan.

As part of a more logical approach, you should develop a list of specific commitments that you could offer to regulators, or the other party. These commitments should be specific, measurable, attainable and have a realistic time frame. Creating this list in advance will allow you to run the numbers and determine which items you can concede in the most cost-effective manner.

Game Theory is a normal part of negotiations, which is a dance that revolves around give and take. Make sure you understand the value of each move before you take it.

 

  1. Build Trust

 

Trust is a special kind of currency leveraged during M&A negotiations. So, spend it wisely.

Open communications will go a long way toward building a relationship with the other side. From the very beginning, you will need to provide prompt, purposeful and intelligent responses. Delaying a request could stir skepticism and trigger an unfavorable outcome. It’s not uncommon for parties to walk away at the onset if they have a bad “feeling,” which is often created from poor communications.

Anticipating inquiries is also imperative. As part of your preparation, you will need to envision the possible questions and pain points in advance so you can quickly provide an advantageous solution.

To continue building trust—it’s a process—you will need timely financial statements, including monthly, quarterly and annual statements, to show them that your financial house is in order. The worst thing that can happen is that they see something that surprises them.

Establishing open communications, built on transparency and honesty, is invaluable. In part, that means timely responses and organized financials.

 

  1. Stack the Deck

 

Take it from someone who played in the NFL, the teams with the best players tend to win.

In the M&A game, assemble a winning team of experts to increase your chances for success. A tax advisor and business consultant should be on the list and at least one consultant should be familiar with valuing companies in the target industry.

You will also need internal stakeholders, such as your chief finance officer and controller, to be part of your team. These employees, along with the chief operating officer, will be responsible for telling and supporting the story.

And your attorney will bring it all together and keep it moving along.

Collectively, your team will be accountable for building good faith and goodwill throughout the process. They will amplify the positive and address the challenging items directly to bolster the relationships that get the deal done.

Amid the columns of numbers strewn across spreadsheets, you will always find people.

To close your next M&A deal, start there to seal success.

 

(Paul Fenaroli is an Associate Attorney at Pastore. His practice focuses primarily on corporate law, contract law, employment law and regulatory compliance involving M&A activities.)

 

FTX’s Bankruptcy Shines Light on Selling Trade Claims

Posted on by Kelly McElroy

In the wake of FTX’s downfall and bankruptcy filing, more crypto companies are expected to file for bankruptcy.[1] With a tumultuous year in the crypto world, creditors have been left with billions of dollars worth of claims. Unfortunately, bankruptcy proceedings can take years to resolve, thus leaving a creditor in a state of limbo and waiting to learn what portion of its claim will be paid out. As a result of this uncertainty, creditors may wish to consider selling their claims.[2] By selling a claim, a creditor can receive an upfront payment for the claim instead of monitoring the debtor’s bankruptcy case for years. Reconciling and distributing claims in the bankruptcy process is notoriously slow, particularly for very large debtors such as FTX.

Unlike stocks, bankruptcy claims are not sold or traded on the New York Stock Exchange. Instead, creditors must sell their claims through individually negotiated assignment agreements.[3] While there are no standardized forms for claim assignments, creditors tend to use assignment agreements that contain universally accepted terms in addition to negotiating the details, such as whether the buyer can force the creditor to repurchase the claim. Conveniently, creditors do not need to disclose the purchase price or other details of the assignment in the bankruptcy process.

While the prospect of quickly monetizing a claim may be enticing to a creditor, a creditor should consult an attorney to ensure that risks, such as the purchase price being returned to the buyer if the claim’s validity is questioned, are considered and mitigated. We are confident a market for FTX bankruptcy claims will emerge over the next 60 days.

[1] MacKenzie Sigalos and Rohan Goswami, Crypto firm BlockFi files for bankruptcy as FTX fallout spreads, CNBC (Nov. 28, 2022), https://www.cnbc.com/2022/11/28/blockfi-files-for-bankruptcy-as-ftx-fallout-spreads.html.

[2] Bruce S. Nathan and Scott Cargill, A Primer on Selling Bankruptcy Trade Claims, Business Credit (Feb. 2021), https://www.lowenstein.com/media/6418/nathanpluscargill-a-primer-on-selling-bankruptcy-trade-claims-business-credit-22021.pdf.

[3] Bankruptcy Claims Trading: What is it? How do I maximize my returns?, Nossaman (Mar. 25, 2010), https://www.nossaman.com/newsroom-insights-bankruptcy-claims-trading-what-how-do-i.

How the SEC’s New Marketing Rule Affects Investment Advisors’ Advertising Awards and Third-Party Ratings

Posted on by Kelly McElroy

On December 22, 2020, the Securities and Exchange Commission (“SEC”) announced new rules regarding advertising and marketing for investment advisors.[1] The SEC passed the new rules to synthesize and modernize their “Advertising Rule” and “Cash Solicitation Rule” into a new, singular rule designed to regulate investment advisers’ marketing communications.[2] This new rule, 206(4)-1, also known as the “Marketing Rule,” applies to all advertisements. The SEC provided a new definition of what an advertisement is under the Marketing Rule.[3] The revised definition of advertisement has two parts:

First, the definition includes any direct or indirect communication an investment adviser makes that: (i) offers the investment adviser’s investment advisory services with regard to securities to prospective clients or private fund investors, or (ii) offers new investment advisory services with regard to securities to current clients or private fund investors. The first prong of the definition excludes most one-on-one communications and contains certain other exclusions.

Second, the definition generally includes any endorsement or testimonial for which an adviser provides cash and non-cash compensation directly or indirectly (e.g., directed brokerage, awards or other prizes, and reduced advisory fees).[4]

Following the definition, which now includes endorsements or testimonials that promote awards won by the investment advisor, the SEC lists prohibitions.[5] The Marketing Rule prohibits advertisements, “including or excluding performance results, or presenting performance time periods, in a manner that is not fair and balanced.”[6] SEC-registered investment advisors (“RIAs”) must follow the standards set by the Marketing Rule and transition their advertisement of awards won and their performance results. The SEC provided an 18-month transitional period for SEC-registered investment advisors to conform to the new Marketing Rule.[7] The 18-month window closed on November 4, 2022, and the SEC now requires full adherence to the rules.[8]

RIAs seeking to promote third-party ratings, rankings, awards, and performance results through advertisements and social media are directly impacted by this new rule. The SEC dedicated an entire section to third-party ratings in its issuing release, so it is essential for RIAs to be in compliance. The SEC states Rule 206(4)-1(c) will “prohibit an investment adviser from including a third-party rating in an advertisement unless certain conditions are met.”[9] Because of the SEC’s consideration of third-party ratings and awards as advertisements, the advertisement must follow general prohibitions.[10]

The Marketing Rule prohibits making untrue statements of material fact. If the third-party rating entity is credible and the advisor does not use the rating inappropriately, then the prohibitions can be avoided.[11] If the RIC plans to advertise one kind of service when the rating is for another kind of service, the Marketing Rule prohibitions apply.[12]

Additionally, a third-party rating agency providing the rating or award must generate ratings as part of their normal course of business.[13] The RIA also must fulfill two requirements to show the third-party rating or award is presented equally. First, they must show due diligence. The RIA must “have a reasonable basis that any questionnaire or survey used in the preparation of the third-party rating is structured to make it equally easy for a participant to provide favorable and unfavorable responses, and is not designed or prepared to produce any predetermined result.”[14] To comply with the due diligence requirements, RIAs can look at the rating methodology and show the rating is not one-sided or seek representations from the third-party rating agency regarding general aspects of how the survey or questionnaire is designed, structured, and administered. Alternatively, a third party rating provider may publicly disclose similar information about its survey or questionnaire methodology.

The second requirement is disclosure.[15] The RIA must disclose, or ensure the third-party rater has disclosed the date the rating was given, the identity of the third-party that created and tabulated the rating, and if compensation has been provided directly or indirectly by the adviser in connection with obtaining or using the third-party rating.[16] When presenting the rating, the RIA must ensure these disclosures are presented with equal prominence as the rating itself.[17] With the additional attention of the due diligence and disclosure requirements of the Marketing Rule, promoting ratings and awards continue to be possible as long as they are credible.[18]

With the SEC’s focus on solicitation activity regarding awards and ratings, it is imperative of RIAs to review and update their policies and procedures for the publication of awards on their websites, communications, and social media. Given the complexity of the Marketing Rule and the scrutiny of advertising practices, investment advisers should be fully engaged in implementing new policies for their advertisements in compliance with the Marketing Rule.

[1] SEC Adopts Modernized Marketing Rule for Investment Advisers, U.S. Securities and Exchange Commission, (Dec. 22, 2020), https://www.sec.gov/news/press-release/2020-334.

[2] Scott L. Beal, Kerry Potter McCormick, Scott Budlong, Travis Ortiz, Paige McHugh, Compliance Date Approaching For New Marketing Rule For Investment Advisers, Vol. XII, The National Law Review, 319 (2022)

[3] Id.

[4] SEC Adopts Modernized Marketing Rule for Investment Advisers, supra note 1.

[5] Id.

[6] Id.

[7] Id.

[8] Id.

[9] 17 CFR Part 275 and 279.

[10] Benjamin Bishop, SEC Marketing Rule: Implications for news releases that promote third-party ratings and rankings, Lowe Group Financial Communications, (Aug. 3, 2022), https://lowecom.com/2022/08/03/sec-marketing-rule-implications-for-news-releases-that-promote-third-party-ratings-and-rankings/.

[11] Id.

[12] Id.

[13] Id.

[14] 17 CFR Part 275 and 279.

[15] Id.

[16] Id.

[17] Id.

[18] Benjamin Bishop, supra note 10.

Opportunity for U.S. Backed Digital Currency

Posted on by Kelly McElroy

Cryptocurrency (“Crypto”) is an easily accessible digital asset used for financial transactions.[1] Crypto has become a source of payment on virtual platforms and utilizes blockchain technology.[2] While digital transactions eliminate the need for intermediaries such as banks, credit card companies, or third-party payment processors, it is an unregulated and volatile field.[3] The recent events with FTX highlight this issue.

The use of Crypto rose globally at an unprecedented rate during the COVID-19 pandemic.[4] Developing countries in particular accounted for 15 of the top 20 economies in 2021 using Crypto.[5] One of the most notable countries attempting to adopt Crypto is El Salvador. In 2021, El Salvador became the first country in the world to recognize Bitcoin as legal tender.[6] As such, El Salvador attempted to turn an impoverished area around the Conchagua volcano into a Bitcoin City.[7] The President of El Salvador, Nayib Bukele, hoped to create a futuristic metropolis from Crypto using the Conchagua volcano as a geothermal plant.[8] Unfortunately, President Bukele invested $100 million of government funds into Bitcoin when prices peaked, which led to a further debt crisis in El Salvador. One of the issues El Salvador and other developing countries have run into with the use of Crypto as legal tender is the volatility of the market. Since 2021, Bitcoin has dropped 61%, and El Salvador is likely to default on its debts in the next few years due to the dramatic drop in value.[9] The price of Crypto is open to fluctuation, fraud, and tax evasion due to the lack of regulation and backing by a central bank or government.[10]

One solution that has been proposed to bring stability to the Crypto market is a Central Bank Digital Currency (“CBDC”), which is a digital token, similar to Crypto, issued by a central bank. In the United States, the digital form of the token would be the equivalent of the U.S. dollar.[11] President Biden and the Federal Reserve are evaluating the creation of a U.S. CBDC and how it would work alongside the existing form of physical currency.[12]

The benefits of a U.S.-issued CBDC include privacy-protected digital currency, improvements to cross-border payments, and support to the U.S. dollar’s international role.[13] A U.S. CBDC would offer access to digital money that is free from credit and liquidity risks, unlike money held in a traditional bank.[14] Currently, Federal Reserve notes are the only central bank money available to the public. The use of a CBDC would provide a cheaper, faster form of transferring money and bring people who do not have bank accounts into the financial market.[15]

The dollar is the world’s most widely used currency for payments and investment.[16] A CBDC would expand the U.S. economy by creating a financial market with the global use of a CBDC.[17] Recently, China introduced its own CBDC, which may decrease the demand for the U.S. dollar abroad. The creation of a U.S. CBDC would allow competition on a global scale with China and other countries that have developed a digital currency backed by their central bank.[18]

Despite the benefits to the U.S. consumer and the global financial system, a U.S. CBDC has several issues. Many Americans actively use and prefer cash.[19] Additionally, there are privacy issues with digital currency. A Federal Reserve-backed CBDC system would allow the central bank to see every user transaction.[20] Additionally, banks have questioned the legal authority of the Federal Reserve to issue a digital currency without authorization from Congress.[21]

The White House, the Office of Science and Technology Policy, and the National Science Foundation continue to work on the National Digital Assets Research and Development Agenda.[22] The Executive Branch has placed a high priority on advancing research concerning Crypto and how it could provide financial inclusion and equity to Americans.[23]  While the benefits of a U.S. CBDC are plentiful, there are many moving parts to the initiation of a central bank backed digital currency in the United States. However, even with the lack of regulation and its volatile nature, Crypto is not going away. Crypto provides businesses and consumers with easily transferable, convenient, less expensive means of transferring money.[24] A U.S. backed stable coin may provide such stability. Clearly, the U.S. would not want the European Union or another Western power to issue such a coin and undermine the U.S. leadership in global currencies.

 

[1] Molly Mastantuono, Cryptocurrency 101: A Guide to Digital Dollars (Dec. 17, 2021), https://www.bentley.edu/news/cryptocurrency-101-guide-digital-dollars.

[2] Id.

[3] Id.

[4] UN trade body calls for halting cryptocurrency rise in developing countries, United Nations (Aug. 10, 2022), https://news.un.org/en/story/2022/08/1124362.

[5] Id.

[6] Joe Hernandez, El Salvador Just Became The First Country To Accept Bitcoin As Legal Tender, NPR (Sept. 7, 2021), https://www.npr.org/2021/09/07/1034838909/bitcoin-el-salvador-legal-tender-official-currency-cryptocurrency.

[7] Zeke Faux, El Salvador’s $300 Million Bitcoin ‘Revolution’ Is Failing Miserably (Nov. 4, 2022), https://www.bloomberg.com/news/features/2022-11-04/el-salvador-s-bitcoin-revolution-is-failing-badly.

[8] Id.

[9] Id.

[10] UN trade body calls for halting cryptocurrency rise in developing countries, supra note 4.

[11] Dr. Alondra Nelson, Alexander Macgillivray, Nik Marda, Technical Possibilities for a U.S. Central Bank Digital Currency (Sept. 16, 2022), https://www.whitehouse.gov/ostp/news-updates/2022/09/16/technical-possibilities-for-a-u-s-central-bank-digital-currency/.

[12] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, Board of Governors of the Federal Reserve System (Jan. 2022), https://www.federalreserve.gov/publications/files/money-and-payments-20220120.pdf.

[13] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, supra note 12.

[14] Id.

[15] Andrew Ackerman, What is a Central Bank Digital Currency and Should the U.S. Issue it? (May 26, 2022), https://www.wsj.com/articles/should-the-u-s-issue-a-digital-dollar-which-could-compete-with-crypto-assets-11646921329.

[16] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, supra note 12.

[17] Id.

[18] Boucher, supra note 16.

[19] Andrew Ackerman, Fed Launches Review of Possible Central Bank Digital Currency (Jan. 20, 2022), https://www.wsj.com/articles/fed-launches-review-of-possible-central-bank-digital-currency-11642706158

[20] Id.

[21] Id.

[22] Money and Payments: The U.S. Dollar in the Age of Digital Transformation, supra note 12.

[23] Id.

[24] Shobhit Seth, What is a Central Bank Digital Currency (CBDC)?, Mar. 9, 2022, https://www.investopedia.com/terms/c/central-bank-digital-currency-cbdc.asp.

SEC ad rule may affect use of interactive analysis tools

Posted on by Luke Daigle

The new SEC advertising rule 206(4)-1 addresses the use of “interactive analysis tools” commonly used by investment advisers. In a recent article appearing in Regulatory Compliance Watch, Pastore associate attorney Paul Fenaroli weighs in on how this rule may affect the way advisers use these tools with their clients.

Read the article here

Source: Regulatory Compliance Watch, October 3, 2022. (www.regcompliancewatch.com)

SEC Proposes Change to Cybersecurity Reporting Requirements for Public Companies

Posted on by Kelly Somers

With the threat of irrevocable reputational harm and damage to consumer trust brought on by data breaches to public companies, the United States Security and Exchange Commission (“SEC”) recently proposed new cybersecurity reporting requirements. In March, SEC Chair Gary Gensler noted these new amendments will, “strengthen investors’ ability to evaluate public companies’ cybersecurity practices and incident reporting.”[1] If the proposed amendments pass, it would impose new requirements on board of directors, including management reporting, organization, and board composition.[2]

The proposals aim to promote incident disclosure and increase risk management, strategy, and governance disclosure of data breaches.[3] One amendment would require a company to notify shareholders and the SEC within four business days when a material cybersecurity incident occurs.[4] The SEC would also require standardized disclosure of a company’s cybersecurity risk management and strategy, management’s role in implementing cybersecurity policies, and the board of directors’ cybersecurity expertise.[5]

As the SEC signals the necessity of new disclosure policies, companies should assess their current cyber reporting practices and procedures. The proposals aim to bridge the gap between business executives and security executives to ensure cybersecurity is included in their everyday business conversations and reporting practices.[6] In preparation of these proposals, companies can educate their board on their policies and procedures regarding cyber security risks. It is no longer the sole job of the chief information security officer to translate technology risk to business risk.[7]

[1] SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, SEC (Mar. 9, 2022), https://www.sec.gov/news/press-release/2022-39

[2] Id.

[3]  Public Company Cybersecurity, Proposed Rules, https://www.sec.gov/files/33-11038-fact-sheet.pdf (last visited Sep. 22, 2022).

[4] Id.

[5] Id.

[6] Insight Report, World Economic Forum Global Cybersecurity Outlook (January 2022), https://www3.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2022.pdf.

[7] Bob Ackerman, New SEC Cybersecurity Reporting Requirements: Three Things Companies Need To Do Now, Forbes (May 25, 2022) https://www.forbes.com/sites/forbesfinancecouncil/2022/05/25/new-sec-cybersecurity-reporting-requirements-three-things-companies-need-to-do-now/?sh=2d78e01e6f05.

New York State Department of Financial Services Issues Consent Order Against Robinhood Crypto, LLC

Posted on by Kelly Somers

As interest in cryptocurrencies (“crypto”) continues to rise, businesses and investors are left wondering what regulations they must follow. While a broad regulatory framework is still nonexistent for the crypto industry, the New York State Department of Financial Services (“DFS”) recently imposed a $30 million fine on Robinhood Crypto, LLC (“Robinhood”), a wholly-owned crypto trading unit of Robinhood Markets Incorporated, for failing to comply with New York anti-money laundering (“AML”) and cybersecurity regulations.[1] This is the first time DFS has taken enforcement action against a crypto company. In making the announcement, the Superintendent of DFS, Adrienne Harris, stated, “[a]ll virtual currency companies licensed in New York State are subject to the same anti-money laundering, consumer protection, and cybersecurity regulations as traditional financial services companies.”[2] Superintendent Harris made it clear that while this may be the first such action against a crypto company, it will not be the last.[3] DFS expects crypto companies to invest in compliance programs like traditional financial institutions.

In the DFS Consent Order, DFS took issue with several aspects of Robinhood’s compliance program[4] Specifically, Robinhood failed to devote sufficient funds and resources to its compliance program,[5] its Chief Compliance Officer lacked “commensurate experience to oversee a compliance program such as [Robinhood’s]” and did not participate adequately in the implementation of Robinhood’s automate software compliance program, [6] and Robinhood overly relied on the compliance program of its parent and affiliate despite those compliance programs were not compliant with New York State’s regulations.[7] Moreover, Robinhood failed to adequately evaluate “potentially suspicious transactions in order to determine whether a [Suspicious Activity Report] should be filed.”[8] DFS noted that as of October 26, 2020, Robinhood had a backlog of 4,378 potentially suspicious transaction alerts.[9]

While Robinhood may have had a compliance program on paper, DFS made it clear that it is focused on the execution of such programs. One thing is clear: the DFS Consent Order indicates that regulatory and enforcement agencies are starting to take action against the crypto industry. Common sense, sound legal advice, and diligence will help any business or investor navigate this market as state and federal agencies begin to enforce traditional financial services regulations on the industry.

[1] In the Matter of Robinhood Crypto, LLC, Dep’t of Fin. Servs. (Aug. 1, 2022), https://www.dfs.ny.gov/system/files/documents/2022/08/ea20220801_robinhood.pdf.

[2] DFS Superintendent Harris Announces $30 Million Penalty on Robinhood Crypto for Significant Anti-Money Laundering, Cybersecurity & Consumer Protection Violations, Dep’t of Fin. Servs., https://www.dfs.ny.gov/reports_and_publications/press_releases/pr202208021 (last visited Sept. 19, 2022).

[3] Id.

[4] Id.

[5] Id. at ¶¶ 36-41.

[6] Id. at ¶ 36.

[7] Id. at ¶ 6.

[8] Id. at ¶ 37.

[9] Id.